[tor-dev] DEFAULT_ROUTE_LEN [was: Silly (or not so silly) question]
grarpamp
grarpamp at gmail.com
Thu Jul 24 20:48:21 UTC 2014
On Wed, Jul 23, 2014 at 6:34 PM, Roger Dingledine <arma at mit.edu> wrote:
> On Wed, Jul 23, 2014 at 11:24:47PM +0100, Noel David Torres Taño wrote:
>> What would happen if a Tor node changes behaviour and uses four or five
>> relay steps instead of three?

At around DEFAULT_ROUTE_LEN 8 or above I get a lot of these, with
EXTEND being shown in various command locations, and no connectivity
to hidden services. Lower values of 4 or 5 probably work just fine but I
didn't bother testing more than a couple clearnet and onion circuits
since it's not yet a controller/config tunable and thus takes
edit/compile/run time. So even my test of 9 > 5 > 7 > 8 take with salt.
Don't know if this likely represents a bug to test more, or just timeouts...
the circuits that did work setup in times not feeling much more than
time/3*LEN. I'd suggest an undocumented tunable and unit test if
it's worth research/statistic/function_checking purpose.

relay_send_command_from_edge_(): Bug: Uh-oh. We're sending a
RELAY_COMMAND_EXTEND cell, but we have run out of RELAY_EARLY cells on
that circuit. Commands sent before:
(unrecognized),(unrecognized),(unrecognized),(unrecognized),EXTEND,EXTEND,(unrecognized)

>> Would it enhance Tor's security?
>
> I assume you mean a Tor client?
>
> https://www.torproject.org/docs/faq#ChoosePathLength
>
>> Is it possible to relay Tor through a Tor connection? I mean using Tor
>> with its three steps to reach a Tor entry node to get three extra steps.
>
> Yes, it is possible. But it is currently considered a flaw, because it
> can be used to work around the 'infinite path length' defenses.
> http://freehaven.net/anonbib/#congestion-longpaths
> https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/110-avoid-infinite-circuits.txt
> https://trac.torproject.org/projects/tor/ticket/2667
>
>> Would that make correlation attacks difficult?
>
> Defending against correlation attacks is an open research, so "maybe".
> But it's not clear how it would, since an adversary who can see or
> measure your first hop (on the first circuit) and also your last hop
> (on the last circuit) would still be in the right place to do the attack.
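
Added example, not part of the thread and not Tor's own code: a simplified C model of the RELAY_EARLY budget behind the warning quoted in the message above. It assumes the limit of 8 RELAY_EARLY cells per circuit from proposal 110 (linked above); the names `relay_check`, `send_cmd` and `build` are hypothetical, and `other` stands for non-EXTEND cells that used up budget before an EXTEND, like the "(unrecognized)" entries in the log.

```c
#include <stdio.h>

#define MAX_RELAY_EARLY 8 /* assumed per-circuit limit, from proposal 110 */

enum cell { CELL_RELAY, CELL_RELAY_EARLY };
enum cmd { CMD_EXTEND, CMD_OTHER };
enum verdict { V_FORWARD, V_DROP, V_CLOSE };

struct relay_circ { int early_seen; };            /* relay-side counter */
struct client_circ { int early_left; int hops; }; /* client-side budget */

/* Relay: close on too many RELAY_EARLY cells, refuse EXTEND in plain RELAY.
 * Simplification: one relay performs both checks. */
enum verdict relay_check(struct relay_circ *r, enum cell type, enum cmd c)
{
    if (type == CELL_RELAY_EARLY && ++r->early_seen > MAX_RELAY_EARLY)
        return V_CLOSE;
    if (c == CMD_EXTEND && type != CELL_RELAY_EARLY)
        return V_DROP;
    return V_FORWARD;
}

/* Client: spend budget while any is left, then fall back to plain RELAY. */
static enum verdict send_cmd(struct client_circ *c, struct relay_circ *r, enum cmd cmd)
{
    enum cell type = CELL_RELAY;
    if (c->early_left > 0) { c->early_left--; type = CELL_RELAY_EARLY; }
    return relay_check(r, type, cmd);
}

/* Hops built for a route_len path after `other` non-EXTEND cells went out first. */
int build(int route_len, int other)
{
    struct client_circ c = { MAX_RELAY_EARLY, 1 }; /* hop 1 uses CREATE */
    struct relay_circ r = { 0 };
    for (int i = 0; i < other; i++) send_cmd(&c, &r, CMD_OTHER);
    while (c.hops < route_len && send_cmd(&c, &r, CMD_EXTEND) == V_FORWARD)
        c.hops++; /* stops where the client would log the warning above */
    return c.hops;
}

int main(void)
{
    for (int len = 3; len <= 10; len++)
        printf("len=%d: %d hops (other=0), %d hops (other=5)\n",
               len, build(len, 0), build(len, 5));
    return 0;
}
```

In this model a circuit tops out at 9 hops when only EXTEND cells consume the budget, and earlier when other cells have consumed part of it first.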